
638 matches found

CNNVD
added 2021/01/27 12:0 a.m. | 6 views

Sourceforge PhpGACL Cross-Site Scripting Vulnerability

Sourceforge PhpGACL is a pluggable Php, Mysql based platform used to provide access control for platforms organized by Sourceforge. A cross-site scripting vulnerability exists in phpGACL 3.3.7, which stems from a specially designed HTTP request that could lead to arbitrary JavaScript execution...

CVSS 9.6 | AI score 6.9 | EPSS 0.77745
Exploits: 1 | References: 2

CNNVD
added 2021/01/26 12:0 a.m. | 5 views

Micrium uC-HTTP Code Issue Vulnerability

Micrium uC-HTTP is a software from Micrium USA that provides TCP/IP functionality for devices. The software is designed for embedded applications with a compact, reliable, high-performance TCP/IP stack with dual support for IPv4 and IPv6. A code issue vulnerability exists in Micrium uC-HTTP versi...

CVSS 8.6 | AI score 5.9 | EPSS 0.01881
Exploits: 1 | References: 1

Talos
added 2021/01/26 12:0 a.m. | 56 views

Micrium uC-HTTP HTTP Server unchecked return value denial-of-service vulnerability

Summary A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions Micrium uC-HTTP 3.01.00 Product URLs...

CVSS 8.6 | AI score 7.6 | EPSS 0.02612
Exploits: 1

CNNVD
added 2021/01/13 12:0 a.m. | 8 views

Multiple Cisco Products Buffer Error Vulnerability

The Cisco RV110W is a Wireless-N VPN firewall, the Cisco RV130 is a multifunction VPN router, the Cisco RV130W is a Wireless-N multifunction VPN router, and the Cisco RV215W is a Wireless-N VPN router. A remote command execution and denial of service vulnerability exists in the Web management...

CVSS 9 | AI score 7.6 | EPSS 0.02753
Exploits: 0 | References: 5

OSV
added 2020/12/14 9:15 p.m. | 5 views

CVE-2020-15796

A vulnerability has been identified in SIMATIC ET 200SP Open Controller incl. SIPLUS variants V20.8, SIMATIC S7-1500 Software Controller V20.8. The web server of the affected products contains a vulnerability that could allow a remote attacker to trigger a denial-of-service condition by sending a...

CVSS 7.5 | AI score 5.7 | EPSS 0.01591
Exploits: 0 | References: 1

Tenable Nessus
added 2020/11/20 12:0 a.m. | 34 views

Cisco Integrated Management Controller RCE (cisco-sa-ucs-api-rce-UXwpeDHd)

According to its self-reported version, Cisco Unified Computing System E-Series Software (UCSE) is affected by multiple remote code execution (RCE) vulnerabilities in the API subsystem due to improper boundary checks for certain user-supplied input. An unauthenticated, remote attacker can exploit...

CVSS 10 | AI score 9.3 | EPSS 0.046
Exploits: 0 | References: 6

Cvelist
added 2020/11/10 4:48 p.m. | 24 views

CVE-2020-25074

The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution...

AI score 9.6 | EPSS 0.06121
Exploits: 0 | References: 4

NVD
added 2020/10/26 6:15 p.m. | 10 views

CVE-2020-26566

A Denial of Service condition in Motion-Project Motion 3.2 through 4.3.1 allows remote unauthenticated users to cause a webu.c segmentation fault and kill the main process via a crafted HTTP request...

CVSS 7.5 | EPSS 0.04431
Exploits: 1 | References: 4

Prion
added 2020/10/26 6:15 p.m. | 11 views

Design/Logic Flaw

A Denial of Service condition in Motion-Project Motion 3.2 through 4.3.1 allows remote unauthenticated users to cause a webu.c segmentation fault and kill the main process via a crafted HTTP request...

CVSS 5 | AI score 7.3 | EPSS 0.04431
Exploits: 1 | References: 4 | Affected Software: 1

UbuntuCve
added 2020/10/26 6:15 p.m. | 23 views

CVE-2020-26566

A Denial of Service condition in Motion-Project Motion 3.2 through 4.3.1 allows remote unauthenticated users to cause a webu.c segmentation fault and kill the main process via a crafted HTTP request...

CVSS 7.5 | AI score 7.1 | EPSS 0.04431
Exploits: 1 | References: 6

Cvelist
added 2020/10/26 5:44 p.m. | 21 views

CVE-2020-26566

A Denial of Service condition in Motion-Project Motion 3.2 through 4.3.1 allows remote unauthenticated users to cause a webu.c segmentation fault and kill the main process via a crafted HTTP request...

AI score 7.4 | EPSS 0.04431
Exploits: 1 | References: 4

Debian CVE
added 2020/10/26 5:44 p.m. | 18 views

CVE-2020-26566

A Denial of Service condition in Motion-Project Motion 3.2 through 4.3.1 allows remote unauthenticated users to cause a webu.c segmentation fault and kill the main process via a crafted HTTP request...

CVSS 7.5 | AI score 7.3 | EPSS 0.04431
Exploits: 1

FreeBSD
added 2020/10/05 12:0 a.m. | 12 views

motion -- Denial of Service

cxsecurity.com reports: A Denial of Service condition in Motion-Project Motion 3.2 through 4.3.1 allows remote unauthenticated users to cause a webu.c segmentation fault and kill the main process via a crafted HTTP request...

CVSS 7.5 | AI score 4.3 | EPSS 0.04431
Exploits: 1 | References: 1

Cvelist
added 2020/09/22 1:55 p.m. | 18 views

CVE-2020-4616

IBM Data Risk Manager iDNA 2.0.6 could disclose sensitive username information to an attacker using a specially crafted HTTP request. IBM X-Force ID: 184929...

CVSS 5.3 | AI score 4.9 | EPSS 0.01704
Exploits: 0 | References: 2

Tenable Nessus
added 2020/09/18 12:0 a.m. | 28 views

Cisco Data Center Network Manager Privilege Escalation (cisco-sa-20180905-cdcnm-escalation)

According to its self-reported version, Cisco Data Center Network Manager is prior to version 11.01 and is, therefore, affected by a privilege escalation vulnerability in the web-based management interface due to incomplete validation of user input. An authenticated attacker could exploit this...

CVSS 9 | AI score 7.2 | EPSS 0.02253
Exploits: 0 | References: 3

Prion
added 2020/09/01 5:15 p.m. | 14 views

Sql injection

An exploitable SQL injection vulnerability exists in the Validator.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVSS 6.5 | AI score 8.9 | EPSS 0.01803
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2020/09/01 3:15 p.m. | 11 views

Design/Logic Flaw

By sending a specially crafted HTTP GET request to a listening Rapid7 Metasploit HTTP handler, an attacker can register an arbitrary regular expression. When evaluated, this malicious handler can either prevent new HTTP handler sessions from being established, or cause a resource exhaustion on th...

CVSS 5 | AI score 7.5 | EPSS 0.41688
Exploits: 2 | References: 1 | Affected Software: 1

NVD
added 2020/08/26 5:15 p.m. | 18 views

CVE-2020-3485

A vulnerability in the role-based access control (RBAC) functionality of the web management software of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to...

CVSS 6.5 | AI score 6.2 | EPSS 0.00676
Exploits: 0 | References: 1

Vulnrichment
added 2020/08/26 4:16 p.m. | 7 views

CVE-2020-3485 Cisco Vision Dynamic Signage Director Role-Based Access Control Vulnerability

A vulnerability in the role-based access control (RBAC) functionality of the web management software of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to...

CVSS 6.3 | AI score 6.8 | EPSS 0.00676
Exploits: 0 | References: 1

Cvelist
added 2020/08/26 4:16 p.m. | 20 views

CVE-2020-3485 Cisco Vision Dynamic Signage Director Role-Based Access Control Vulnerability

A vulnerability in the role-based access control (RBAC) functionality of the web management software of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to...

CVSS 6.3 | AI score 6.3 | EPSS 0.00676
Exploits: 0 | References: 1